tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 20473] - ajp13 connection between apache and tomcat is not encrypted
Date Wed, 04 Jun 2003 12:07:07 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20473

ajp13 connection between apache and tomcat is not encrypted

david.cassidy@db.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|LATER                       |



------- Additional Comments From david.cassidy@db.com  2003-06-04 12:07 -------
So, Let me get this right.
In order to use *less* resources we need to twice the amount of work ? 
( ie on box a run apache & sshtunnel and on box b run tomcat & sshtunnel)

This doesn't make sense to me.
Having tested this on a p2 300 (both ends) it doesn't add much overhead & to the
poor box. AJP13 is very good with keep-alive connections. The majority of the
overhead is on the initial connection. The encryption whilst the connection is
alive is relativly low.

That being said I can understand that the average user of Tomcat & apache
doesn't care too much about the security level between apache & tomcat. The fact
that they have a secure site with an insecure connecting layer won't bother them.

However for the bigger/enterprise user of this technology, this might be of
concern. Security teams will be interrested in this.

Of course if you have two machines on the open net and you are taking credit
card details etc please think about the implications.

I suggest that in the same way that Java has the 'javax.' classes we should
consider a level of extensions for mod_jk2. After all *ALL* the work has been
done it's all here you just need to use it.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message